Typically, in a computer network, a firewall is a protection system implemented in hardware or software that regulates the data traffic between different networks and prevents transmitting and/or receiving inadequate access, unauthorized or harmful between a personal computer, a home or corporate network and an Internet connection.
The use of a firewall via hardware consists of installing an additional device located between the user's machine and internet access.
The use of a firewall via software consists of installing a program on the user's own machine, and the selection of content that may or may not travel through the firewall made by rules established by a network administrator who follows corporate policies defined by a company or even by the users of the machines connected to the network, that configure them according to their particular protection needs and control.
In the context of the present invention, any portable device that is able to connect to the Internet through a cable or wireless becomes a node in the network and therefore is likely to use a firewall for protection. In the case of wireless connections, the Internet connection can be made over Wi-Fi, Bluetooth, Zigbee, or through a cellular network using, for example, 2G, 3G or 4G technologies.
Today, devices connected to the Internet are subject to malicious attacks that search for vulnerabilities in the system in order to find some gap to make an invasion on the machine which may cause damage such as:                Files can be deleted or the storage media can be damaged occurring data loss;        By having access to the system, the attacker can view the contents of personal files and make use of this information that may be personal or confidential;        The system may be down, leaving it inoperable;        Improperly using the machine, which attributes to the operator the responsibility of the actions taken by the attacker;        Undesired data traffic, consuming bandwidth.        
Moreover, every time a machine is attacked, the user will use spending and loss of time to repair the system. A device or subnet without the protection of a firewall does not offer to the user or to network administrator the possibility to select content that will traverse the network, increasing the chances of damage or inconvenience as mentioned before.
Some solutions are proposed in the art. However, none of them is capable of providing effective protection against the problems enumerated above.
The Brazilian patent application PI 0519544-6, published on Jun. 29, 2006, owner: QUALCOMM INCORPORATED, introduces the concept of a firewall installed on the remote data service provider (carrier) and dynamically configured by the mobile device, for example, whenever an incoming undesired connection is detected (passive socket) or when the user changes any of the local configuration settings. The problem solved by the method of the Brazilian document is to avoid wasting band, which happens to a local firewall, filtering out undesired packets, before they are sent to the mobile device, while decentralizing the configuration of remote firewall. Differently from the said document, in accordance with the present invention, a local firewall is proposed, in which data packets are filtered in the device itself and not by the service provider, making it independent of any external infrastructure. Another disadvantage presented by the solution presented by the Brazilian document PI 0519544-6 is that the Firewall does not change its behavior depending on the location of the mobile device or other connectivity factors (VPN, Wi-Fi), which is the main focus of the present proposed invention. Furthermore, this document PI 0519544-6 provides for updating firewall settings dynamically by the mobile device, whereas, according to the present invention, this may be configured in a centralized manner by a network administrator, locally by the user and in both cases, it depends on the policies defined from the location of the device.
The US patent document US 2008107068, published on May 8, 2008, owner: NTT DOCOMO, INC., is related to the Firewall configuration on a remote network that supports Mobile IP. In this particular case, the data targeted at mobile devices connected to the network are directed to a single Home Agent, which is responsible for redirecting the data packet to the correct mobile device. Depending on the network topography, different firewalls may be positioned between the mobile device and the Home Agent. The central concept of this document is to enable the configuration of these firewalls centrally (by the home agent), allowing different settings for the mobile device, while all firewalls will share the same configuration set per device. In contrast, the present invention proposes a Local Firewall implemented within the portable device. The problem to be solved by this document is to keep a unique configuration, regardless of the location of the mobile device, while the present invention aims to provide flexibility to change the current configuration of the firewall, according to their geographical location.
The US patent document US 2002/0166068, published on Nov. 7, 2002, is analogous to the document US 20081070682 previously discussed, the essential difference being the infrastructure that is involved. In accordance with the teachings of this document, the waste of bandwidth on the data link (remote firewall) is prevented and also promotes the possibility of different settings for each portable device connected to the network through the use of a central repository called “Wireless Internet Facility (WIF)”, which stores the firewall configuration of each portable device. When the phone connects to a base station, it will search for the WIF firewall configuration of that specific device, will download and apply the firewall configuration until the device disconnects this base station. In contrast, these prior art approaches discussed so far, the present invention proposes a local Firewall. As the document US 2008107068, the document US 2002/0166068 solves the problem of maintaining a unique configuration regardless of the location of the mobile device, while the present invention aims to provide flexibility to change the current configuration of the firewall, according to their geographical location.
The Chinese patent document CN 200910091623.6, published on Jan. 27, 2010, owner: HUAWI TECH SHENZHEN CO., LTD. LTD uses GPS features and/or triangulation of the cellular network to detect the user's position and thus apply Firewall rule that is defined for that location. The Firewall is local and allows it to support multiple locations or locations with no defined rules. However, the Firewall in this Chinese document does not work with filter/lock of the data network. It acts only on the functionality of calling and text messaging of the phone. The patent also does not provide configuration done remotely by the administrator, but only by the phone user. Another drawback is the lack of control mechanisms of the phone devices, such as disabling USB, Bluetooth. Furthermore, Wi-Fi cannot be used to determine the user location.
The US patent document U.S. 2007/0067838, published on Mar. 22, 2007, relates to a Remote Firewall, where a list of policies (pinholes) is defined at the time of activation of the portable device on the network. Once the device connects to the network, the firewall configuration is loaded and synchronized over the network firewalls of mobile operator in question. This configuration has a list of static policies, or pinholes. In addition, this document includes the concept of a synchronization of Firewalls protocol and also the need to authenticate the phone to be able to change the list of dynamic policies, which can be updated by the portable device to include/Remove dynamic pinholes. In essence, despite some differences, that document US 2007/0067838 relates to more than one firewall installed on a phone network operator, which can be configured remotely by the portable device. In contrast, the present invention provides for the local implementation of the firewall on the device itself. In addition, the firewall of the present invention may have policies of different devices updated centrally by the network administrator, while the document US 2007/0067838 provides for the updating of policies by the portable device that uses them. Again, the main difference between this invention and this prior art is the ability to change the set of active configurations, according to the geographic location of the portable device.